Key information issuing device, wireless operation device, and program

ABSTRACT

A key information issuing device ( 1, 1 A,  1 B) issuing key information to a key information retaining device ( 2, 2 A,  2 B) includes an authentication module ( 14, 3 ) authenticating an issuer of the key information, an output module ( 13 ) outputting the key information to the key information retaining unit, and a recording module ( 11 ) recording a mapping of the issued key information to the key information retaining unit. The key information is issued in response to an indication of the authenticated issuer.

BACKGROUND OF THE INVENTION

[0001] The present invention relates to a key information processingtechnology.

[0002] Key information has hitherto been utilized in a variety of scenesin the human society. For example, data communications requiring theconfidentiality of information involve using encryption keys. Further,what key information is recorded on magnetic stripes is used as a keyfor a building and an office as a substitute for a metallic key matchingwith a configuration of a key hole. Pieces of information on encryptionkeys and keys for the buildings etc are generically termed keyinformation.

[0003] The prior art system is, however, incapable of easily changingsuch a piece of key information and reissuing the key information.Alternatively, even if capable of reissuing the key information, acipher is required to be stored, and hence the re-issuance needs are-storing process, which is time-consuming. Therefore, though theencryption keys are used in the communications between informationdevices such as personal computer (which hereinafter be abbreviated to aPC) and so on, simple communications performed in daily life such ascommunications between a TV receiver and a wireless remote controllerthereof and communications between a wireless keyboard and the personalcomputer, do not involve the use of the encryption keys.

[0004] Supposing that, for instance, home banking through the wirelessremote controller and the wireless keyboard will be conducted from nowon into the future, however, it is desirable that those communicationsbe performed in an encryption-oriented system. It is because a passwordetc of a bank account might be intercepted (wiretapped).

[0005] It is required that a cipher be agreed upon between communicationdevices in order for communicating parties to decrypt such a cipher.Accordingly, there is needed a system capable of readily issuing theencryption key with security between the TV receiver and the wirelessremote controller and between the PC and the wireless keyboard.

[0006] On the other hand, magnetic stripe type and IC card type keys(which will hereinafter be called electronic keys) used for locking andunlocking, e.g., a building, an office and so on, are convenient tocarry and therefore easy to be lost and to become a target for theft.These types of keys are managed by, e.g., a center of a key (orbuilding) management company.

[0007] Hence, if such a key is lost, all the keys distributed for usingthe building and offices must be collected, and the key information mustbe rewritten. The collection and re-issuance of the keys are verytime-consuming.

SUMMARY OF THE INVENTION

[0008] It is a primary object of the present invention to provide atechnology capable of easily issuing key information to a keyinformation retaining device that retains the key information.

[0009] It is another object of the present invention to provide atechnology capable of ensuring sufficient security for protecting thekey information when issued from being intercepted.

[0010] To accomplish the above objects, according to one aspect of thepresent invention, a key information issuing device (1, 1A, 1B) issuingkey information to a key information retaining device (2, 2A, 2B),comprises an authentication module (14, 3) authenticating an issuer ofthe key information, an output module (13) outputting the keyinformation to the key information retaining unit, and a recordingmodule (11) recording a mapping of the issued key information to the keyinformation retaining unit, wherein the key information is issued inresponse to an indication of the authenticated issuer.

[0011] Preferably, the key information retaining device (2, 2A, 2B)maybe a wireless operation device (2, 2A) wirelessly connected to aninformation device and may include a key information input module (23)inputting the key information in contact with the key informationissuing device, and the output module (13) may include a contact moduleoutputting the key information in contact with the key information inputmodule (23).

[0012] Preferably, the key information retaining device (2, 2A, 2B) maybe a wireless operation device (2, 2A) wirelessly connected to aninformation device and may include a medium input module inputtinginformation from a recording medium, and the output module (13) mayinclude a recording medium write module writing the information to therecording medium, and may issue the key information through therecording medium.

[0013] Preferably, the key information retaining device (2, 2A, 2B) maybe a wireless operation device (2, 2A) wirelessly connected to aninformation device and may include a near communication module incapableof performing communications beyond a predetermined distance, and theoutput module (13) may include a near communication module incapable ofperforming the communications with the key information retaining devicebeyond a predetermined distance, and may issue the key informationthrough the near communication module.

[0014] Preferably, the key information issuing device (1, 1A) mayfurther comprise a receiving module (13) receiving wireless signals fromthe key information retaining device, and a decoding module (11)decoding the information contained in the wireless signals and encryptedwith the key information.

[0015] According to another aspect of the present invention, a wirelessoperation device (2, 2A) wirelessly connected to an information device,comprises a key information input module (23) inputting key informationfor encrypting the information, a recording module (24) recording thekey information, an operation module (22) detecting an operation of auser, an encryption module (21) encrypting user's operation based inputinformation with the key information, and a transmission module (25)transmitting the encrypted input information to the information device.

[0016] Preferably, the key information input module (23) may include acontact module inputting the key information in a contact manner.

[0017] Preferably, the key information input module (23) may include amedium input module inputting information from a recording medium.

[0018] Preferably, the key information input module (23) may include anear communication module incapable of performing communications beyonda predetermined distance.

[0019] Preferably, the wireless operation device (2, 2A) may furthercomprise a setting module setting an execution or non-execution of theencryption, wherein the encryption module may encrypt the inputinformation when the execution of the encryption is set.

[0020] According to still another of the present invention, a wirelessoperation device (2, 2A) wirelessly connected to an information device,comprises an operation module (22) detecting a user's operation, atransmission module (25) transmitting user's operation based inputinformation, and a confirmation module (21) confirming whether there isa response signal from the information device with respect to thetransmitted input information, wherein the transmission of the inputinformation is stopped if the response signal is not obtained.

[0021] According to a further aspect of the present invention, awireless operation device (2, 2A) wirelessly connected to an informationdevice, comprises an operation module (22) generating input informationby detecting a user's operation, a simulated information generatingmodule (21) generating simulated information simulating the inputinformation, and a transmission module (25) transmitting the inputinformation or the simulated information.

[0022] Preferably, the simulated information may be transmittedirrespective of whether the user's operation is made or not (S2A-S2C).

[0023] Preferably, the key information retaining device (2, 2A, 2B) maybe an electronic key (2B) that unlocks a predetermined area.

[0024] According to a still further aspect of the present invention, akey information managing method of managing key information issued to akey information retaining device, comprises authenticating an issuer ofthe key information (S10-S11), generating key information (S15),outputting the key information to the key information retaining unit(S16), and recording a mapping of the issued key information to the keyinformation retaining unit (S1B).

[0025] According to a yet further aspect of the present invention, thereis provided a program executed by a computer to actualize any one of thefunctions described above.

[0026] According to an additional aspect of the present invention, thereis provided a readable-by-computer recording medium recorded with such aprogram.

[0027] As described above, according to the present invention, it ispossible to ensure the sufficient security for protecting thecommunication between the information device and the wireless remotecontrol from being intercepted. According to the present invention, thekey information can be easily issued to the key information retainingdevice for retaining the key information. Further, according to thepresent invention the sufficient security against the interception canbe ensured when issuing the key information.

BRIEF DESCRIPTION OF THE DRAWINGS

[0028]FIG. 1 is a diagram showing an information system as a whole in afirst embodiment of the present invention;

[0029]FIG. 2 is a block diagram showing a remote controller 2;

[0030]FIG. 3 is a diagram showing a data structure of a packet;

[0031]FIG. 4 is a flowchart showing steps of distributing an encryptionkey to the remote controller 2 from a main unit 1;

[0032]FIG. 5 is a flowchart showing a process when operating the remotecontroller;

[0033]FIG. 6 is a flowchart showing details of a process of encryptingbutton information;

[0034]FIG. 7 is a flowchart showing details of a process of sending abutton information packet and a dummy packet;

[0035]FIG. 8 is a flowchart showing a process when in a receivingoperation of the main unit 1;

[0036]FIG. 9 is a diagram showing a system architecture of aninformation system for executing home banking in a second embodiment ofthe present invention; and

[0037]FIG. 10 is a diagram showing a system architecture of aninformation system for executing a security management of an office in athird embodiment of the present invention.

DETAILED DESCRIPTION OF THE PREFERRED EMBODIMENTS

[0038] Preferred embodiments of the present invention will hereinafterbe described with reference to the accompanying drawings.

[0039] <<First Embodiment>>

[0040] A first embodiment of the present invention will hereinafter bedescribed with reference to FIGS. 1 through 8. FIG. 1 is a diagramshowing an information system as a whole in the first embodiment. FIG. 2is a block diagram showing a wireless remote controller 2. FIG. 3 is adiagram showing a data structure of a packet transmitted and receivedbetween a main unit 1 and the wireless remote controller 2. FIG. 4 is aflowchart showing steps of distributing an encryption key to thewireless remote controller 2 from the main unit 1. FIGS. 5 through 7 areflowcharts each showing a process when operating the wireless remotecontroller 2. FIG. 8 is a flowchart showing a process when the main unit1 receives the packet.

[0041] <Outline of Functions>

[0042] The information system in the first embodiment is operatedthrough wireless communications by the remote controller. Thisinformation system authenticates a user and issues an encryption key forevery remote controller operated by the user. At this time theinformation system records the encryption key issued for every remotecontroller.

[0043] When the user operates the information system by the remotecontroller, input information is encrypted by the encryption key. Then,the remote controller transmits a start-of-communication request to theinformation system and transmits the encrypted input information.

[0044] The information system identifies the remote controller inresponse to the start-of-communication request transmitted from theremote controller. Then, the information system collates the encryptionkey issued to the requester remote controller with the key among thoserecorded. Subsequently, the information system decodes the inputinformation with this encryption key and detects an operation of theuser.

[0045] The encryption key is distributed in the following steps.

[0046] (1) A device on the main unit of the information system executesauthenticating the user identity. This process is to confirm whether theuser is qualified for receiving a distribution of key information.

[0047] (2) Next, the main unit confirms proximity of the remotecontroller to the device itself.

[0048] (3) Subsequently, the main unit generates an encryption key(e.g., a random number).

[0049] (4) The main unit transmits the encryption key via a safetycommunication path that prevents an interception (wiretapping)

[0050] (5) The main unit confirms that the remote controller receivesthe encryption key in safety.

[0051] <Whole Architecture>

[0052]FIG. 1 is the diagram showing the whole architecture of thepresent information system. As shown in FIG. 1, this information systemis configured by the main unit 1 and the wireless remote controller 2.

[0053] The main unit 1 is categorized as an information processingdevice capable of communicating with an outside system via anunillustrated network. The main unit 1 may be, for example, a personalcomputer (which will hereinafter be abbreviated to PC), a digital TV, aset-top box and so on.

[0054] The main unit 1 includes a PC-equivalent function module 11, aremote controller proximity confirmation module 12, a remote controllercommunication module 13 and an authenticating function module 14.

[0055] The PC-equivalent function module 11 includes a CPU for providingan information processing function, a memory for storing the informationand a communication interface for accessing the network. Thearchitecture and operation thereof are nowadays broadly known, and hencetheir explanations are herein omitted. The PC-equivalent function module11, based on this architecture, controls the main unit 1 and provides avariety of information processing functions.

[0056] For example, the PC-equivalent function module 11 generates theencryption key to be transmitted to the wireless remote controller. Thegeneration of the encryption key involves generating a random number (orprime number) by a predetermined algorithm. The generated encryption keyis required when in the remote communications and is therefore recordedand stored in the unillustrated memory of the main unit 1.

[0057] The PC-equivalent function module 11 embeds an ID for identifyingthe wireless remote controller in to this key. Then, the PC-equivalentfunction module 11 records a mapping table containing the IDs of thewireless remote controllers 2 and the encryption keys distributed.

[0058] The ID may involve the use of a production number (serial number)of the wireless remote controller 2. Further, the ID of the remotecontroller may also be generated by use a random number. With this ID,the present information system can administer a plurality of remotecontrollers. If one single remote controller is to be used, the ID isnot required. If there are other necessary pieces of information, thesepieces of information may be contained in a part of the encryption key.

[0059] Further, the PC-equivalent function module 11 checks whether thewireless remote controller 2 surely receives the encryption key. In thiscase, the PC-equivalent function module 11 can confirm it simply by, forinstance, indicating the wireless remote controller 2 to transmit theencryption key back. Moreover, the wireless remote controller 2 maytransmit only a checksum of the encryption key back to the module 11.Even if failing to transmit the encryption key, the wireless remotecontroller 2 just falls into an unusable state and becomes usable byretrying the distribution steps. Accordingly, if the reliability of theencryption key transmission process is sufficiently high, there may beomitted the confirmation of whether the wireless remote controller 2surely receives the encryption key.

[0060] The PC-equivalent function module 11 provides a function ofauthenticating the user identity. The authentication method includes abiometrics authentication using a fingerprint, sound spectrogram etc, acode number authentication, a password authentication and so forth. Amethod corresponding to a confidentiality required and an actualizingcost can be selected from those methods.

[0061] The authentication function module 14 checks based on theauthentication method whether the user is qualified for indicating thedistribution of the encryption key to the wireless remote controller 2.If the user is unqualified for indicating the distribution of theencryption key, the main unit 1 stops the process just when the userproves unqualified.

[0062] The remote controller proximity confirmation module 12 is, forinstance, a pushbutton and so on. The user, when making the wirelessremote controller 2 proximal to the main unit 1, manipulates this remotecontroller proximity confirmation module 12 (e.g., presses the pushbutton). With this manipulation, the main unit 1 recognizes theproximity of the wireless remote controller 2.

[0063] In this state, the main unit 1 performs wire communications orwireless communications using feeble radio waves with the wirelessremote controller 2. The main unit 1 and the wireless remote controller2 in such a state are illustrated in a lower part in FIG. 1.

[0064] The remote controller communication module 13 provides a functionof transmitting the encryption key to the wireless remote controller 2.The remote controller communication module 13 is configured of acommunication interface and a communication program. Interfacescategorized as a serial system such as RS232C, a parallel systempursuant to the Centronics Standard and other wire systems are usable asthe communication interface.

[0065] Thus, the present information system involves the use of thehard-to-intercept wire system for transmitting the encryption keyseparately from the wireless communication interface. Note that wirelesscommunication interface is, for example, an infrared-ray receivingmodule, a wireless LAN interface and soon. The wireless communicationsmay, however, also be utilized for transmitting the encryption key byusing an electromagnetic shield in combination.

[0066] Further, a close range wireless system incapable ofcommunications at a predetermined distance or farther may also be used.In this case, the remote controller communication module 13 mayincorporate both of the encryption key transmitting function and afunction of receiving an encrypted operation signal from the wirelessremote controller 2.

[0067] In this case, an interception countermeasure such as reducing atransmission output when in close proximity, may be taken together withthe electromagnetic shield. Note that there is no limit to a data formatfor distributing the key information described above.

[0068]FIG. 2 is the block diagram showing the wireless remote controller2. The wireless remote controller 2 shown in FIG. 2 includes aprocessing unit 21 for controlling the components of the wireless remotecontroller 2, a keyboard 22 for detecting a user's operation on theinformation system and generating input information, an encryption keyreceiving module 23 for receiving the encryption key from the main unit1 of the information system, a memory 24 to and from which theprocessing unit 21 writes and read the information, atransmitting/receiving module 25 for transmitting and receiving theinformation in the wireless communications in accordance with anindication given from the processing unit 21, a display unit 26 fordisplaying various items of information, an encryption ON/OFF switch 27for specifying whether the encryption is executed or not, and a powerunit (battery) for supplying the electric power to the wireless remotecontroller 2.

[0069] The processing unit 21 is, for instance, a microprocessor. Theprocessing unit 21 executes a control program loaded in the memory 24,thereby providing the function of the wireless remote controller 2. Forexample, the processing unit 21 receives the encryption key from themain unit 1 via the encryption key receiving module 23. Further, theprocessing unit 21 encrypts the information to be transmitted to themain unit by use of the encryption key received.

[0070] The keyboard 22 contains, in addition to alphabetic and numeralkeys, a variety of buttons, an ON/OFF switch and so on. The user inputsan indication to the information system by manipulating these keys,buttons and switch.

[0071] The encryption key receiving module 23 is defined as acommunication interface corresponding to the remote controllercommunication module 13 of the main unit 1 described above.

[0072] The memory 24 is constructed of a random access memory (RAM) anda read-only memory (ROM). The memory 24 is stored with programs executedby the processing unit 21 and tables used by the processing unit 21.

[0073] The transmitting/receiving module 25 is a communication interfacefor performing the wireless communications with the main unit 1. Thetransmitting/receiving module 25 is, e.g., an infrared-ray emittingmodule and an infrared-ray receiving module, and a wireless LANinterface.

[0074] The display unit 26 displays an operation state of the wirelessand so on. For example, the display unit 26 is a power lamp, etc.

[0075] The encryption On/Off switch 27 specifies whether the informationis encrypted in the processing unit 21. This encryption On/Off switchis, provided so that the present wireless remote controller 2 is usedfor the general purpose, for an example, in a case that the informationneeds to be encrypted in the communications with a TV receiver etc andan operation signal of an air-conditioner does not require theencryption (which means that a control unit of the air-conditioner isnot adapted to the encryption). The user does an on/off setting of theencryption in accordance with a target operated by the wireless remotecontroller 2 by use of the encryption On/Off switch 27.

[0076] <Data Structure>

[0077]FIG. 3 shows an example of the data structure of wirelesscommunication data (which will hereinafter be referred to as a packet)transferred and received between the main unit 1 and the wireless remotecontroller 2. As shown in FIG. 3, according to the present informationsystem, a start-of-communication packet, a communication permissionpacket, a button information/dummy packet and an acknowledgement packetare prepared as packets of this category.

[0078] The start-of-communication packet is used for the wireless remotecontroller 2 to request the main unit 1 to start the communications. Asshown in FIG. 3, the start-of-communication packet has fields storedwith a header, a packet ID, a remote controller ID, a piece of dummydata and a checksum.

[0079] The header is defined as a bit string that indicates the packettransferred and received between the main unit 1 and the wireless remotecontroller 2 in the present information system. Referring to FIG. 3, abit string “55AA” (hexadecimal number) is exemplified as the header.

[0080] The packet ID is an identification number specifying a categoryof the packet. Referring again to FIG. 3, the ID “0000” is specified inthe start-of-communication packet. The dummy data in thestart-of-communication packet is defined as a bit string embedded in anunused field of the start-of-communication packet. Further, the checksumis defined as a piece of information for confirming a validity of thedata when receiving the packet.

[0081] The communication permission packet is a packet used for the mainunit 1 to notify the wireless remote controller 2 of a communicationpermission in response to the start-of-communication packet sent fromthe wireless remote controller 2. As shown in FIG. 3, the communicationpermission packet has fields stored with a header, a packet ID, a remotecontroller ID, a session ID, apiece of dummy data and a checksum.

[0082] The header, the packet ID, the remote controller ID, the dummydata and the checksum among these pieces of data are the same as thosein the start-of-communication packet. Further, the main unit 1 notifiesthe wireless remote controller 2 of the session ID each time thecommunication permission or receipt acknowledgement is made. Thewireless remote controller 2 encrypts the input information with thereceived key information and this session ID.

[0083] The button information/dummy data packet is categorized into abutton information packet and a dummy packet. The button informationpacket is used for the wireless remote controller 2 to transmit thebutton information (input information of the button manipulated by theuser) to the main unit 1. Further, the dummy packet is used fortransmitting the dummy data.

[0084] As shown in FIG. 3, the button information/dummy packet hasfields stored with a header, a packet ID, a remote controller ID,encrypted button information or dummy data and a checksum.

[0085] The encrypted button information among these pieces of data is apiece of input information generated when the user operates the wirelessremote controller 2. The button information is previously encrypted withthe encryption key and the session ID that have been transmitted fromthe main unit 1 to the wireless remote controller 2. Moreover, the dummypacket is a packet for preventing a third party from intercepting(wiretapping) the button information packet. The dummy packet containsdummy data simulating the button information. An unspecified number ofdummy packets are transmitted before and after the button informationpacket.

[0086] The acknowledgement packet is a packet used for the main unit 1to notify the wireless remote controller 2 of an acknowledgement inresponse to the button information/dummy packet sent from the wirelessremote controller 2. As shown in FIG. 3, the acknowledgement packet hasfields stored with a header, a packet ID, a remote controller ID a“checksum of the received packet”, a next session ID, and a checksum.

[0087] The “checksum of the received packet” among those pieces of datais a checksum of the packet received at the previous session. Further,the next session ID is used for encrypting the button information nexttime.

[0088] <Operation>

[0089]FIG. 4 is the flowchart showing an example of an encryption keydistributing process. This process is a process of the program executedby the main unit 1 (the PC-equivalent function module 11) when the mainunit 1 transmits the encryption key to the wireless remote controller 2.

[0090] In this process, the main unit 1 at first executes authenticatingthe user's identity (S10). The authentication of the user's identityinvolves reading the remote controller ID, reading the authenticationinformation from the user and confirming the authentication information.The authentication information given from the user includes afingerprint, a sound spectrogram, a code number or a password.

[0091] Next, the main unit 1 judges based on a result of thisauthentication whether the user is qualified for receiving thedistribution of the encryption key (S31). This judgment is made based ona comparison between the given authentication information and theauthentication information registered in the main unit 1. The main unit1, when judging that the user is unqualified and is thereforeunauthorized user, aborts the process.

[0092] Whereas if judging that the user is qualified, the main unit 1next waits for the wireless remote controller 1 to approach the mainunit 1 itself (S12). Then, the main unit 1 judges whether the wirelessremote controller is in close proximity to the main unit 1 itself (S13).

[0093] Then, if the wireless remote controller 2 is not in closeproximity, the main unit 1 judges whether it is a time-out or not (S14).If not the time-out, the main unit 1 returns the control to S12. Whereasif it is the time-out, the main unit aborts the process.

[0094] When judging in S13 that the wireless remote controller 2 getsapproached, the main unit 1 generates the encryption key (S15). Next,the main unit 1 transmits the encryption key to the wireless remotecontroller 2 (S16).

[0095] Subsequently, the main unit 1 waits for a response from thewireless remote controller (S17). If there is no response, the main unit1 judges whether it is the time-out (S19). Then, if not the time-out,the main unit 1 returns the control to S17. Whereas if it is thetime-out, the main unit 1 aborts the process.

[0096] When judging in S18 that there is the response, the main unit 1judges whether this response is normal (S1A). If not normal, the mainunit 1 returns the control S12, and repeats the same process.

[0097] When judging in S1A that the response is normal, the main unit 1creates and updates a mapping table stored with the remote controller IDand the encryption key (S1B). Thereafter, the main unit 1 finishes theprocess.

[0098]FIG. 5 shows the flowchart shoring the operation of the wirelessremote controller. This process is a process of the program executed bythe processing unit 21 of the wireless remote controller 2. An executionof this process is triggered by power-on of the wireless remotecontroller 2 or by pressing an unillustrated reset button.

[0099] In this process, to start with, the wireless remote controller 2initializes the wireless remote controller 2 itself and comes to astatus of waiting for the encryption key (S20). Next, the wirelessremote controller 2 judges whether the receipt of the encryption key iscompleted (S21).

[0100] When the receipt of the encryption key is completed, the wirelessremote controller 2 saves the received encryption key together with itsown remote controller ID, and sends a completion-of-receipt response(S22). Thereafter, the wireless remote controller 2 comes to a waitingstatus (S23). This waiting status continues till a new encryption key istransmitted or a user's button manipulation is detected.

[0101] Namely, when the receipt of the encryption key is started, thewireless remote controller 2 returns the control to S21, and confirmsthe completion of the receipt. On the other hand, when detecting theuser's button manipulation, the wireless remote controller 2 sends thestart-of-communication packet (S24).

[0102] Then, the wireless remote controller 2 waits for thecommunication permission packet (S25). Subsequently, if unable toreceive the communication permission packet from the main unit 1 in waitfor a predetermined time, the wireless remote controller 2 shifts to thewaiting status (S23).

[0103] While on the other hand, when receiving the communicationpermission packet, the wireless remote controller 2 executes encryptingthe button information (S27). Namely, the wireless remote controller 2encrypts the input information generated by the user's buttonmanipulation.

[0104] Next, the wireless remote controller 2 sends a dummy packet(S28). The number of times with which the dummy packet is sent isunspecified (random).

[0105] Next, the wireless remote controller 2 sends a button informationpacket (S29). Next, the wireless remote controller 2 sends a dummypacket (S2A). The number of times with which the dummy packet is sent istoo unspecified (random).

[0106] Next, the wireless remote controller 2 judges whether the buttonis manipulated (S2B). Further, if manipulated, the wireless remotecontroller 2 returns the control to S27.

[0107] Whereas if not manipulated, the wireless remote controller 2judges whether it is a time-out or not (S2C). if not the time-out, thewireless remote controller 2 returns the control to S2A. With thisprocess, the dummy packet is transmitted an unspecified number of timestill it comes to the time-out even when the user does not operate thewireless remote controller 2. Whereas if it is the time-out, thewireless remote controller 2 shifts to the waiting status (S23).

[0108]FIG. 6 shows a detailed process of encrypting the buttoninformation (S27 in FIG. 5). In this process, the wireless remotecontroller 2, to begin with, judges whether the encryption On/Off switch27 is switched ON (S270).

[0109] If the encryption On/Off switch 27 is switched OFF, the wirelessremote controller 2 finishes the button information encryption process.Whereas if the encryption On/Off switch 27 is switched ON, the wirelessremote controller 2 reads the key information (S271).

[0110] Next, the wireless remote controller 2 reads the session ID(S272). This session ID is obtained from the communication permissionpacket or the acknowledgement packet (see FIG. 3).

[0111] Next, the wireless remote controller 2 encrypts the inputinformation with the key information and the session ID (S273).Thereafter, the wireless remote controller 2 finishes the buttoninformation encryption process.

[0112]FIG. 7 shows details of the process of sending the buttoninformation packet and the dummy packet (S28, S29 or S2A)

[0113] In this process, the wireless remote controller 2 at first sendsthe packet (the button information packet or the dummy packet) (S41).

[0114] Next, the wireless remote controller 2 waits for theacknowledgement packet (S42). Then, the wireless remote controller 2judges whether the acknowledgement packet is received (S43). If theacknowledgement packet is received, the wireless remote controller 2advances the control to the next process.

[0115] While on the other hand, when judging in S43 that theacknowledgement packet is not yet received, the wireless remotecontroller 2 judges whether it is a time-out (S44). If not the time-out,the wireless remote controller 2 returns the control to S42 (S44). Ifnot the time-out, the wireless remote controller 2 returns the controlto S42. Whereas if judging in S44 that it is the time-out, the wirelessremote controller 2 shifts to the waiting status.

[0116]FIG. 8 is the flowchart showing a receiving operation of the mainunit 1. Upon a start of this process, the main unit 1 comes to a statusof waiting for receiving the start-of-communication packet (S30). Then,the main unit 1 judges whether the receipt of the start-of-communicationpacket is completed (S31).

[0117] Then, when the receipt of the start-of-communication packet iscompleted, the wireless remote controller 2 collates the received remotecontroller ID (simply written as ID in FIG. 6) with the mapping table(created and updated in S1B in FIG. 4) (S32)

[0118] Next, the main unit 1 judges whether the received remotecontroller ID is valid (S33). If judged to be invalid, the main unit 1returns the control to S30.

[0119] Whereas if valid, the main unit 1 sends the communicationpermission packet (S34). Next, the main unit 1 comes to a status ofwaiting for the button information/dummy packet. Then, the main unit 1judges whether the receipt of the button information/dummy packet iscompleted (S36).

[0120] The main unit 1, when the receipt of the button information/dummypacket is completed, sends the acknowledgement packet and furtherexecutes a decoding process (S37).

[0121] Subsequently, the main unit 1 judges whether the received packetis a dummy packet (S38). If judged to be the dummy packet, the main unit1 returns the control to S35.

[0122] If not the dummy packet, the main unit 1 takes in the buttoninformation (S39). Thereafter, the main unit 1 returns the control toS35.

[0123] <Effects of Embodiment>

[0124] As discussed above, according to the information system in thefirst embodiment, the button information generated when operating thewireless remote controller 2 with respect to the main unit 1 or theinformation system, is encrypted. It is therefore feasible to decreasethe possibility in which the operation signal generated when theinformation system is operated through the wireless remote controller 2might be intercepted by the third party.

[0125] Further, on such an occasion, according to the presentinformation system, the main unit 1 distributes the encryption key tothe wireless remote controller 2 in the wire communications in a waythat brings the wireless remote controller 2 into contact with the mainunit 1 or the wireless communications using the feeble radio waves withthe wireless remote controller 2 disposed in close proximity to the mainunit 1. Hence, it is possible to reduce such a risk that the encryptionkey itself might be intercepted (wiretapped) by the third party.

[0126] Moreover, according to the information system in the firstembodiment, the information communications are carried out in apredetermined shake-hand procedure, for instance, as by thestart-of-communication packet and the response packet respondingthereto. It is therefore possible to reduce the risk that the operationsignal generated when operating the information system through thewireless remote controller might be intercepted by the third party.

[0127] Further, according to the information system in the firstembodiment, for example, the dummy packets are transmitted before andafter transmitting the button information packet. Hence, it is feasibleto decrease the risk that the operation signal generated when operatingthe information system through the wireless remote controller 2 might beintercepted by the third party.

[0128] <Modified Example>

[0129] According to the first embodiment discussed above, the main unit1 and the wireless remote controller 2 communicate with each other byuse of the packets as shown in FIG. 3. The embodiment of the presentinvention is not, however, limited to the architecture and stepsdescribed above. For example, the start-of-communication packetbasically capable of transferring (containing) the remote control ID maysuffice, and the header, the packet ID etc may be or may not be added asthe necessity arises.

[0130] Moreover, a data size of the packet may be a fixed length or avariable length. In the case of the fixed length, the length may beadjusted by using the dummy data shown in FIG. 3.

[0131] In the embodiment discussed above, the key information is passedto the encryption key receiving module 23 of the wireless remotecontroller 2 in the communications from remote controller communicationmodule 13 of the main unit 1 to the wireless remote controller 2. Theembodiment of the present invention is not, however, limited to thisarchitecture. The key information may be passed to the wireless remotecontroller 2 from the main unit 1 through a readable-by-computerrecording medium such as a flash memory card and so on.

[0132] In this case, the writing portion (e.g., a card slot) to therecording medium may be provided in the main unit 1. Further, thewireless remote controller 2 may be provided with a reading portion(e.g., the card slot) from the recording medium. Configurations of theseaccessing devices to the recording medium are broadly known, and hencetheir explanations are herein omitted.

[0133] In the embodiment discussed above, the input information isencrypted with the encryption key and the session ID. The embodiment ofthe present invention is not, however, confined to this method. Forinstance, the input information may be encrypted with only theencryption key without using the session ID.

[0134] Moreover, it is considered that all appliances in home arecontrolled by one single remote controller. In the case of utilizing theremote controller incorporating the encrypting function, on/off statesof the air-conditioners, the channels of the TV and operations of apersonal computer are all encrypted.

[0135] For an example, the On/Off signals of the air-conditioner amongthese operations do not need the encryption, and there might be a casewhere it is difficult to provide the air-conditioner with theencrypting/decrypting function. In such a case, the remote controllermay make an option of the encryption or non-encryption according to thenecessity and may thus perform the communications. In this case, theencryption On/Off switch 27 shown in FIG. 2 may be set OFF.

[0136] Alternatively, the PC is entrusted with all the remote controllercommunications and my decode by totally using the encryptedcommunications. In this case, if there is not the PC, the appliancecannot be controlled, and the remote controller is unusable.Accordingly, it follows that a range of utilizing such a system islimited.

[0137] <<Second Embodiment>>

[0138] A second embodiment of the present invention will hereinafter bedescribed referring to FIG. 9. FIG. 9 is a diagram showing a systemarchitecture of an information system for executing home banking in thesecond embodiment.

[0139] The discussion in the first embodiment has been focused on thearchitecture and the operation of the information system including thewireless remote controller 2 having the encrypting function and the mainunit 1 operated by the wireless remote controller 2. The secondembodiment will exemplify a case where this information system isapplied to home banking. Other configurations and operations in thesecond embodiment are the same as those in the first embodiment. Suchbeing the case, the same components are marked with the same numerals,and their repetitive explanations are omitted. Further, the reference tothe drawings in FIGS. 1 through 8 will be made as the necessity mayarise.

[0140] This information system is configured by a PC 1A implementing aremote controller function (which will hereinafter be abbreviated to theRC function), a remote controller 2A provided with a keyboard foroperating the PC 1A, and a bank host computer connected to the PC 1A viaLAN (Local Area Network)/WAN (Wide Area Network).

[0141] The configuration and the operation of the PC 1A with the RCfunction are the same as those of the main unit 1 in the firstembodiment. Further, the configuration and the operation of the remotecontroller 2A with the keyboard are the same as those of the wirelessremote controller 2 in the first embodiment.

[0142] The user inputs a code number to the PC 1A with the RC functionthrough the remote controller 2A with the keyboard in the home banking.The communication from the remote controller 2A with the keyboard to thePC 1A with the RC function is similarly encrypted as in the informationsystem according to the first embodiment. This architecture is capableof reducing the possibility in which the code number etc is intercepted(wiretapped) by the third party when utilizing the home banking.

[0143] Note that the security in the communication from the PC 1A withthe RC function via the LAN/WAN to the bank host computer has hithertobeen ensured by the variety of methods.

[0144] Accordingly, the PC 1A with the RC function and the remotecontroller 2A with the keyboard in the second embodiment cover an areathat has hitherto been considered to be lowest in security in the homebanking.

[0145] <Modified Example>

[0146] The second embodiment discussed above has exemplified the casewhere the keyboard-attached remote controller 2A incorporating theencrypting function is applied to the home banking. The embodiment ofthe present invention is not, however, limited to this applied example.Namely, the remote controller 2A with the keyboard and the wirelessremote controller with the encrypting function shown in the firstembodiment, can be applied to various categories of information systems.

[0147] For example, the system described above can be applied whenconnected to an Internet provider. This is because the a password whenconnected to the Internet provider can be used in the same way as acredit card. The system for the encryption on the network and on thetelephone line is getting sophisticated, and hence an area exhibitingthe lowest confidentiality may be the remote controller as viewed fromthe whole system. Accordingly, the wireless remote controller 2 enhancessuch a lowest-security area, i.e., enhances essentially the security ofthe system on the whole.

[0148] <<Third Embodiment>>

[0149] A third embodiment of the present invention will be explainedwith reference to FIG. 10. FIG. 10 is a diagram showing a systemarchitecture of an information system for executing a securitymanagement in an office according to the third embodiment.

[0150] This system is configured by a key information management PC 1Bfor issuing an electronic key 2B used for an office worker to enter theroom, an authentication information input device 3 for authenticating anissuer of the key information, a lock management device at an entranceof the building, a lock management device at a door of the office, and akey information communication path that connects these lock managementdevices to the key information management PC 1B.

[0151] A configuration of the key information management PC 1B is thesame as that of the main unit 1 in the first embodiment. According tothe third embodiment, the key information management PC 1B has a keyinformation management table for managing the issued key information forevery electronic key 2B of the key receiver. This key informationmanagement table is a mapping of IDs of the electronic keys 2B to theissued key information.

[0152] The authentication information input device 3 serves toauthenticate whether the issuer issuing the key information is valid.This authentication information input device 3 is, for example, afingerprint reader, a sound spectrogram analyzer, a keyboard forinputting a code number or a password, and so forth.

[0153] The electronic key 2B includes a memory for recording the keyinformation. The electronic key 2B, for instance, a card formed withmagnetic stripes, an IC card, or a stick recorded with magnetism- orIC-based information.

[0154] When the key information of the this electronic key 2B isinputted to the lock management device at the entrance of the buildingor at the door of the office, the key ID of the electronic key 2B andthe key information are transmitted via the key informationcommunication path to the key information management PC 1B. Then, if thekey information management table has already been stored with themapping of the key ID to the key information, the key informationmanagement PC 1B transmits an unlock command the lock management device,thereby unlocking the entrance or the door.

[0155] This electronic key 2B is distributed to the worker who unlocksthe entrance of the building or the door of the office. Then, if thenumber of such new workers increases, the issuer of which theauthentication information is registered issues the key information.

[0156] Namely, the issuer at first authenticates the issuer himself orherself by use of the authentication information input device 3, andnext commands the key information management PC 1B to issue the keyinformation. The key information is thereby written to the newelectronic key 2B. In this case, the ID of the electronic key 2B and thekey information are entered in the key information management table.

[0157] Note that if the electronic key 2B is lost, the worker concernednotifies the issuer that the key 2B is lost. The issuer deletes the keyinformation of the electronic key 2 b distributed to that worker fromthe key information management table. Further, the issuer input the keyinformation a new electronic key 2B in the same procedures and transfersit to the worker concerned.

[0158] Thus, according to the system in the third embodiment, theauthenticated issuer can simply issue he electronic key 2B. Moreover, incase the electronic key 2B is lost, the lost electronic key 2B can bemade ineffective without exerting any influence on other workers.

[0159] <<Readable-by-Computer Recording Medium>>

[0160] The program executed by the computer to actualize any one of theprocesses (functions) described above in the embodiments discussed abovemay be recorded on a readable-by-computer recording medium. Then, thecomputer reads and executes the program on this recording medium,thereby providing the function of the main unit 1, the PC 1A with the RCfunction, the encryption key issuing device 1B, the wireless remotecontroller 2, or the remote controller 2A with the keyboard shown in theembodiment discussed above.

[0161] Herein, the readable-by-computer recording medium embracesrecording mediums capable of storing information such as data, programs,etc. electrically, magnetically, optically and mechanically or bychemical action, which can be all read by the computer. What isdemountable out of the computer among those recording mediums may be,e.g., a floppy disk, a magneto-optic disk, a CD-ROM, a CD-R/W, a DVD, aDAT, an 8 mm tape, a memory card, etc.

[0162] Further, a hard disk, a ROM (Read Only Memory) and so on areclassified as fixed type recording mediums within the computer.

[0163] <<Data Communication Signal Embodied in Carrier Wave>>

[0164] Furthermore, the above program may be stored in the hard disk andthe memory of the computer, and downloaded to other computers viacommunication media. In this case, the program is transmitted as datacommunication signals embodied in carrier waves via the communicationmedia. Then, the computer downloaded with this program can be made toprovide the function of the main unit 1, the PC 1A with the RC function,the encryption key issuing device 1B, the wireless remote controller 2,or the remote controller 2A with the keyboard.

[0165] Herein, the communication media may be any one of cablecommunication mediums such as metallic cables including a coaxial cableand a twisted pair cable, optical communication cables, or wirelesscommunication media such as satellite communications, ground wavewireless communications, etc.

[0166] Further, the carrier waves are electromagnetic waves formodulating the data communication signals, or the light. The carrierwaves may, however, be DC signals. In this case, the data communicationsignal takes a base band waveform with no carrier wave. Accordingly, thedata communication signal embodied in the carrier wave may be anyone ofa modulated broadband signal and an unmodulated base band signal(corresponding to a case of setting a DC signal having a voltage of 0 asa carrier wave).

1-5. (Cancelled)
 6. A wireless operation device wirelessly connected toan information device, comprising: a key information input moduleinputting key information for encrypting the information; a recordingmodule recording the key information; an operation module detecting anoperation of a user; an encryption module encrypting user's operationbased input information with the key information; and a transmissionmodule transmitting the encrypted input information to the informationdevice.
 7. A wireless operation device according to claim 6, whereinsaid key information input module includes a contact module inputtingthe key information in a contact manner.
 8. A wireless operation deviceaccording to claim 6, wherein said key information input module includesa medium input module inputting information from a recording medium. 9.A wireless operation device according to claim 6, wherein said keyinformation input module includes a near communication module incapableof performing communications beyond a predetermined distance.
 10. Awireless operation device according to claim 6, further comprising asetting module setting an execution or non-execution of the encryption,wherein said encryption module encrypts the input information when theexecution of the encryption is set.
 11. A wireless operation devicewirelessly connected to an information device, comprising: an operationmodule detecting a user's operation; a transmission module transmittinguser's operation based input information; and a confirmation moduleconfirming whether there is a response signal from the informationdevice with respect to the transmitted input information, wherein thetransmission of the input information is stopped if the response signalis not obtained.
 12. A wireless operation device wirelessly connected toan information device, comprising: an operation module generating inputinformation by detecting a user's operation; a simulated informationgeneration module generating simulated information simulating the inputinformation; and a transmission module transmitting the inputinformation or the simulated information.
 13. A wireless operationdevice according to claim 12, wherein the simulated information istransmitted irrespective of whether the user's operation is made or not.14-19. (Cancelled)
 20. A device control method based on wirelesssignals, comprising: inputting key information for encryptinginformation; recording the key information for the encryption; detectingan operation of a user; encrypting user's operation based inputinformation with the key information; and transmitting the encryptedinput information through on the wireless signals.
 21. A device controlmethod according to claim 20, wherein inputting the key informationinvolves inputting the key information through on contact signalsdifferent from the wireless signals.
 22. A device control methodaccording to claim 20, wherein inputting the key information involvesinputting the key information from a recording medium.
 23. A devicecontrol method according to claim 20, wherein inputting the keyinformation involves inputting the key information in nearcommunications impossible of communications beyond a predetermineddistance.
 24. A device control method according to claim 20, furthercomprising setting an execution or non-execution of the encryption,wherein encrypting the input information involves encrypting the inputinformation when the execution of the encryption is set.
 25. A devicecontrol method based on wireless signals, comprising: detecting a user'soperation; transmitting user's operation based input information; andconfirming whether there is a response signal with respect to thetransmitted input information, wherein the transmission of the inputinformation is stopped if the response signal is not obtained.
 26. Adevice control method based on wireless signals, comprising: generatinginput information by detecting a user's operation; generating simulatedinformation simulating the input information; transmitting the inputinformation; and transmitting the simulated information.
 27. A devicecontrol method according to claim 26, wherein the simulated informationis transmitted irrespective of whether the user's operation is made ornot. 28-33. (Cancelled)
 34. A readable-by-computer recording mediumrecorded with a program executed by a computer to implement devicecontrol using wireless signals, comprising: inputting key informationfor encrypting information; recording the key information for theencryption; detecting an operation of a user; encrypting user'soperation based input information with the key information; andtransmitting the encrypted input information through on the wirelesssignals.
 35. A readable-by-computer recording medium recorded with aprogram according to claim 34, wherein inputting the key informationinvolves inputting the key information through on contact signalsdifferent from the wireless signals.
 36. A readable-by-computerrecording medium recorded with a program according to claim 34, whereininputting the key information involves inputting the key informationfrom a recording medium.
 37. A readable-by-computer recording mediumrecorded with a program according to claim 34, wherein inputting the keyinformation involves inputting the key information in nearcommunications impossible of communications beyond a predetermineddistance.
 38. A readable-by-computer recording medium recorded with aprogram according to claim 34, further comprising setting an executionor non-execution of the encryption, wherein encrypting the inputinformation involves encrypting the input information when the executionof the encryption is set.
 39. A readable-by-computer recording mediumrecorded with a program executed by a computer to implement devicecontrol using wireless signals, comprising: detecting a user'soperation; transmitting user's operation based input information; andconfirming whether there is a response signal with respect to thetransmitted input information, wherein the transmission of the inputinformation is stopped if the response signal is not obtained.
 40. Areadable-by-computer recording medium recorded with a program executedby a computer to implement device control using wireless signals,comprising: generating input information by detecting a user'soperations generating simulated information simulating the inputinformation; transmitting the input information; and transmitting thesimulated information.
 41. A readable-by-computer recording mediumrecorded with a program according to claim 40, wherein the simulatedinformation is transmitted irrespective of whether the user's operationis made or not.
 42. (Cancelled)